cedivad
Legendary
Offline
Activity: 1176
Merit: 1001
December 26, 2012, 11:08:22 AM
Lol, and i thought that BASH wasn't my bottleneck
My anger against what is wrong in the Bitcoin community is productive: Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread) Hashfast.org - Wiki for screwed customers

phr33
December 26, 2012, 11:11:49 AM
Has anyone tried to use c to create the dictionary?
i do it in java with JNI mixed.
What's your speed? It would take me something like 1 day to write the 14 million combinations there are...
2 seconds to create the wordlist (4 chars)
17 seconds to create all sha256 sums
1.5 seconds to write it down to disk (916MB)
Feel free to benchmark the python version on your überclocked machine with blazing fast SSD!
My BTC input: 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ My GPG ID: B0CCFD4A

K1773R
Legendary
Offline
Activity: 1792
Merit: 1008
/dev/null
December 26, 2012, 11:15:26 AM
k1773r@COOLERMASTER:~/git/JohnTheRipper/src$ ../run/john -fo:gpg-opencl -t
OpenCL platform 0: NVIDIA CUDA, 1 device(s).
Using device 0: GeForce GTX 580
Benchmarking: OpenPGP / GnuPG Secret Key [OpenCL]... DONE
Raw: 91247 c/s real, 92160 c/s virtual
now that's a NICE improvement
EDIT: 35 seconds for FULL scan
brute forcing is faster than creating the wordlist, awesome
Those GPU sure can run! The issue I mentioned before was regarding the "trying: xxx" output. There is none in your new dump so I don't know if you fixed the problem or not. It looked like it only tried with half of the hash.
just checked it, it's the same for the GPU, do not ask me why! the wordlist hashes are right but the output isn't, did you run into this problem too?
for the GPU it "looks" crazy too:
guesses: 0 time: 0:00:00:35 DONE (Wed Dec 26 11:42:23 2012) c/s: 414364 trying: 7277b9b8b5034fc - eea8eca3d152537
and the hash from the hashfile is 7277b9b8b5034fc4e715be0e9e61bf3aac30cce46396a30b5272d89e19418a61, ah dammit!
Yes - you need to modify jtr to use these long passwords
how did you fix this? google results are unrelated to this problem (or at least all i have read so far). good that i don't delete my wordlists so afterwards i can just recheck...
[GPG Public Key]BTC/DVC/TRC/FRC: 1 K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM A K1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: N K1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: L Ki773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: E K1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: b K1773R1APJz4yTgRkmdKQhjhiMyQpJgfN

K1773R
December 26, 2012, 11:22:12 AM
Has anyone tried to use c to create the dictionary?
i do it in java with JNI mixed.
What's your speed? It would take me something like 1 day to write the 14 million combinations there are...
2 seconds to create the wordlist (4 chars)
17 seconds to create all sha256 sums
1.5 seconds to write it down to disk (916MB)
Feel free to benchmark the python version on your überclocked machine with blazing fast SSD!
i don't have SSD, dislike to lose my data so fast, the reason why it writes so fast is simply the ext4 cache/buffer.
real 1m39.336s
user 1m38.058s
sys 0m0.868s
although this test doesn't seem to be a good benchmark since there are several daemons/VM running. which python version, pypy or python?

phr33
December 26, 2012, 11:22:43 AM
how did you fix this? google results are unrelated to this problem (or at least all i have read so far). good that i don't delete my wordlists so afterwards i can just recheck...
Google is usually good, but sometimes one needs to just have a look at the source code. You'll find the gpg plugin implemented in src/gpg_fmt_plug.c. I'm sure you will find the length defined there!

phr33
December 26, 2012, 11:24:07 AM
Has anyone tried to use c to create the dictionary?
i do it in java with JNI mixed.
What's your speed? It would take me something like 1 day to write the 14 million combinations there are...
2 seconds to create the wordlist (4 chars)
17 seconds to create all sha256 sums
1.5 seconds to write it down to disk (916MB)
Feel free to benchmark the python version on your überclocked machine with blazing fast SSD!
i don't have SSD, dislike to lose my data so fast, the reason why it writes so fast is simply the ext4 cache/buffer.
real 1m39.336s
user 1m38.058s
sys 0m0.868s
although this test doesn't seem to be a good benchmark since there are several daemons/VM running. which python version, pypy or python?
$ python --version
Python 2.7.3

CIYAM (OP)
Legendary
Offline
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
December 26, 2012, 11:29:40 AM
Not sure if you guys have already been doing this but if some basic stats (such as the total # of attempts each of you have tried) could be published then I think that would be very useful (after it has been cracked of course and perhaps only by the winner).

Scrat Acorns
December 26, 2012, 11:31:14 AM
Not sure if you guys have already been doing this but if some basic stats (such as the total # of attempts each of you have tried) could be published then I think that would be very useful (after it has been cracked of course).
200+ salt variations tested. Kill me now. I've been running this since yesterday. Been aware of the echo newline injection and the JTR limitation from the get go.

phr33
December 26, 2012, 11:31:52 AM
A general recommendation when writing brute force scripts is to try it on something you know the password to! In this case, create a gpg key with a password using your own 4 letter password run through the key derivation, and check that you actually find the key! I myself tend to always screw up at least some small detail. Testing is crucial if you don't want to waste all those cpu-hours.

K1773R
December 26, 2012, 11:33:19 AM
how did you fix this? google results are unrelated to this problem (or at least all i have read so far). good that i don't delete my wordlists so afterwards i can just recheck...
Google is usually good, but sometimes one needs to just have a look at the source code. You'll find the gpg plugin implemented in src/gpg_fmt_plug.c. I'm sure you will find the length defined there!
this hurts... who is so retarded and sets this?
#define PLAINTEXT_LENGTH 32
recompiling with 64.
edit opencl_gpg_fmt_plug.c too! (defaults to 15, wtf?)
compiling done:
guesses: 0 time: 0:00:00:35 DONE (Wed Dec 26 12:31:23 2012) c/s: 411250 trying: 7277b9b8b5034fc4e715be0e@a785a10e4399ab30ec56aee3@f30430753b6537 - eea8eca3d1525375b2091f1760ae69e
now the opencl stuff is crap (see the @).
python stuff:
$ python --version
Python 2.6.5
my guess: faster hashing/loops in 2.7 compared to 2.6.

phr33
December 26, 2012, 11:33:54 AM
Not sure if you guys have already been doing this but if some basic stats (such as the total # of attempts each of you have tried) could be published then I think that would be very useful (after it has been cracked of course and perhaps only by the winner).
I tested all passwords for 9 different key derivations before throwing in the towel.

CIYAM (OP)
December 26, 2012, 11:37:37 AM
I tested all passwords for 9 different key derivations before throwing in the towel.
Sorry to hear that but as you have been very helpful with this I will be sending you 1 BTC anyway (let me know what address to send to either here or in a PM if you prefer). How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?

phr33
December 26, 2012, 11:38:50 AM
this hurts... who is so retarded and sets this?
#define PLAINTEXT_LENGTH 32
Hehe. I bet they thought "no one is retarded enough to try to brute force more than 32 chars anyway" when they set it
As for the open-cl version they seem to have a more legit reason. Probably more restricted data types and more clever packing of data in there to get nice performance.

K1773R
December 26, 2012, 11:39:11 AM
I tested all passwords for 9 different key derivations before throwing in the towel.
Sorry to hear that but as you have been very helpful with this I will be sending you 1 BTC anyway (let me know what address to send to either here or in a PM if you prefer). How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?
i got 7 so far, still got the wordlists
waiting seems fine, i need to sleep too, my body is still human

phr33
December 26, 2012, 11:44:48 AM
I tested all passwords for 9 different key derivations before throwing in the towel.
Sorry to hear that but as you have been very helpful with this I will be sending you 1 BTC anyway (let me know what address to send to either here or in a PM if you prefer). How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?
Thanks! You can send it to 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ
All winnings will be passed on to a followup contest! It might take a while, but there will be one!

Scrat Acorns
December 26, 2012, 11:46:42 AM
How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?
Whatever you decide let us know now. I am also throwing in the towel after 210 or so tries. Been running it since yesterday on a 16 core Xeon.

K1773R
December 26, 2012, 11:49:36 AM
this hurts... who is so retarded and sets this?
#define PLAINTEXT_LENGTH 32
Hehe. I bet they thought "no one is retarded enough to try to brute force more than 32 chars anyway" when they set it
As for the open-cl version they seem to have a more legit reason. Probably more restricted data types and more clever packing of data in there to get nice performance.
yes, for opencl u have to change this
typedef struct {
    uint8_t length;
    uint8_t v[24];
} gpg_password;
change the 24 to 64 in both files (current folder and opencl). now it's working
guesses: 0 time: 0:00:00:36 DONE (Wed Dec 26 12:44:56 2012) c/s: 409200 trying: 7277b9b8b5034fc4e715be0e9e61bf3aac30cce46396a30b5272d89e19418a61 - eea8eca3d1525375b2091f1760ae69e
eea8eca3d1525375b2091f1760ae69e <-- last hash in wordlist which is a bug but doesn't matter. (bug fixed, forgot to fsync it)

CIYAM (OP)
December 26, 2012, 11:53:12 AM
You can send it to 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ
All winnings will be passed on to a followup contest! It might take a while, but there will be one!
On its way: http://blockchain.info/tx/003a4b9ee67639a08c28b9c183ab36f3b2fc192aeac84d9bd8cc29684f6f094e
I have a much better bash script that I am including with a custom Open SUSE distro (which I am still putting together) - that will be a hell of a lot more challenging than this to crack (the point being similar to Mike Caldwell's one that you don't need to remember a huge password to get good security).

phr33
December 26, 2012, 11:53:33 AM
yes, for opencl u have to change this
typedef struct {
    uint8_t length;
    uint8_t v[24];
} gpg_password;
change the 24 to 64 in both files (current folder and opencl). now it's working
Looks good! I would still definitely try that using a key with known password to make sure it really works
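The known-password check phr33 recommends, applied to the length limits quoted in the posts above; this is an added example and not code from any post in the thread. The hex SHA-256 derivation, the `unlocks` stand-in for the real key check, and the small test alphabet are assumptions made so the example runs offline.

```python
import hashlib
import itertools

# Limits quoted in the thread: 15 (OpenCL default), 24 (gpg_password.v),
# 32 (PLAINTEXT_LENGTH). 64 is the value the posters recompiled with.
THREAD_LIMITS = (15, 24, 32)
TEST_ALPHABET = "abcdef0123"  # constructed and small on purpose: 1000 candidates


def derive(password: str) -> str:
    """Assumed derivation step: hex SHA-256 of the short password (64 chars)."""
    return hashlib.sha256(password.encode()).hexdigest()


def load_candidate(line: str, plaintext_length: int) -> str:
    """Model of a fixed-size plaintext buffer: longer lines are cut, no error."""
    return line[:plaintext_length]


def make_verifier(passphrase: str) -> bytes:
    """Stand-in for a key protected by `passphrase` (assumption, not GnuPG S2K)."""
    return hashlib.sha256(b"key-check:" + passphrase.encode()).digest()


def unlocks(passphrase: str, verifier: bytes) -> bool:
    return make_verifier(passphrase) == verifier


def oversize(lines, plaintext_length: int) -> int:
    """Preflight: how many wordlist lines would not fit the buffer."""
    return sum(1 for line in lines if len(line) > plaintext_length)


def known_answer_test(known_password: str, plaintext_length: int, size: int = 3):
    """Run the whole pipeline against a key whose password we chose ourselves.

    Returns the recovered password, or None if the pipeline silently misses it.
    """
    verifier = make_verifier(derive(known_password))
    for chars in itertools.product(TEST_ALPHABET, repeat=size):
        word = "".join(chars)
        if unlocks(load_candidate(derive(word), plaintext_length), verifier):
            return word
    return None


if __name__ == "__main__":
    for limit in THREAD_LIMITS + (64,):
        print(limit, oversize([derive("c0d")], limit), known_answer_test("c0d", limit))
```

With any of the three original limits the run completes with zero guesses and no error, which is exactly the output seen in the thread; only the known-answer run distinguishes "password not in the wordlist" from "candidates were truncated".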
Scrat Acorns
December 26, 2012, 11:55:26 AM
I have a much better bash script that I am including with a custom Open SUSE distro (which I am still putting together) - that will be a hell of a lot more challenging than this to crack (the point being similar to Mike Caldwell's one that you don't need to remember a huge password to get good security).
This is security by obscurity though. Once they know about your implementation it will be easily cracked. Why not use a well scrutinized key derivation function and run 10 million iterations of it?
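What the suggestion in the last post changes in numbers, as an added example that is not part of the thread: PBKDF2-HMAC-SHA256 stands in for "a well scrutinized key derivation function", the 62-character alphabet is an assumption chosen because 62^4 matches the "14 million combinations" mentioned earlier, and 411250 c/s is the rate K1773R posted for the scheme as it stood.

```python
import hashlib
import hmac
import os
import time

KEYSPACE = 62 ** 4    # assumption: 4 characters from [A-Za-z0-9], ~14.8 million
GPU_RATE = 411250     # c/s figure posted in the thread for the unstretched scheme


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC invocations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def verify(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Constant-time comparison of the derived key with the stored one."""
    return hmac.compare_digest(derive_key(password, salt, iterations), expected)


def seconds_per_guess(iterations: int, sample: int = 50_000) -> float:
    """Time a small sample on this machine and scale linearly to `iterations`."""
    start = time.perf_counter()
    derive_key("benchmark", b"\x00" * 16, sample)
    return (time.perf_counter() - start) * iterations / sample


def full_search_seconds(keyspace: int, guesses_per_second: float) -> float:
    """Time to try every password at a given guess rate."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    salt = os.urandom(16)  # per-key random salt defeats precomputed wordlists
    stored = derive_key("Ab3x", salt, 100_000)
    print("verify ok:", verify("Ab3x", salt, 100_000, stored))

    # Matches the ~35 s full scans reported in the thread.
    print("as posted: %.0f s" % full_search_seconds(KEYSPACE, GPU_RATE))

    per_guess = seconds_per_guess(10_000_000)
    years = full_search_seconds(KEYSPACE, 1 / per_guess) / (365 * 24 * 3600)
    print("10M iterations: %.1f s per guess, %.1f core-years for the keyspace"
          % (per_guess, years))
```

The per-guess time is also what the legitimate user pays on every unlock, so the iteration count is a trade-off between unlock latency and search cost.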